Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

web: Rewrite AMO submission script to use their v5 API directly #15844

Merged
merged 1 commit into from
Apr 4, 2024
Merged

web: Rewrite AMO submission script to use their v5 API directly #15844

merged 1 commit into from
Apr 4, 2024

Conversation

torokati44
Copy link
Member

@torokati44 torokati44 commented Apr 2, 2024
edited
Loading

Using axios as an HTTP client instead of the deprecated sign-addon package.

See: https://github.com/mozilla/sign-addon/releases/tag/6.4.0

This will resolve https://github.com/ruffle-rs/ruffle/security/dependabot/44 and https://github.com/ruffle-rs/ruffle/security/dependabot/52, by dropping the outdated request package.

This will also unblock #15731.

@torokati44 torokati44 added firefox extension Related to the Ruffle WebExtension labels Apr 2, 2024
@torokati44 torokati44 force-pushed the drop-sign-addon branch 4 times, most recently from b9a4120 to 002952c Compare April 3, 2024 08:10
@torokati44
Copy link
Member Author

Changed terminology from "sign" to "submit", because we're always getting this result anyway:

Your add-on has been submitted for review. It passed validation but could not be automatically signed because this is a listed add-on.

Apparently, signing only occurs after manual verification. Therefore, no need/way to download a new, signed XPI right away either.

Plus, Mozilla calls their old, and to be deprecated, v4 API the "signing" API, and the new v5 API the "submission" API.

@torokati44 torokati44 force-pushed the drop-sign-addon branch 2 times, most recently from 780e8f4 to afca07d Compare April 3, 2024 22:04
@torokati44 torokati44 marked this pull request as ready for review April 3, 2024 22:05
@torokati44 torokati44 requested a review from kmeisthax April 3, 2024 22:05
@torokati44
Copy link
Member Author

Thankfully Axios automatically throws an error if the status code of any response is <200 or >299, and the AMO API is "well-behaved" in this manner, so no need to do much checking of that ourselves.

@torokati44 torokati44 added the waiting-on-review Waiting on review from a Ruffle team member label Apr 3, 2024
torokati44
torokati44 commented Apr 3, 2024
View reviewed changes
web/packages/extension/package.json
@@ -9,7 +9,7 @@
"build": "tsc -p jsconfig.json && npm run build:generic && npm run build:firefox",
"build:generic": "webpack --env generic && node tools/inject_plugin_polyfill.js && node tools/zip.js dist/ruffle_extension.zip",
"build:firefox": "webpack --env firefox && node tools/inject_plugin_polyfill.js && node tools/zip.js dist/firefox_unsigned.xpi && npm run sign-firefox",
"sign-firefox": "node tools/sign_xpi.js dist/firefox_unsigned.xpi dist/firefox.xpi ../../../reproducible-source.zip"
"sign-firefox": "node tools/submit_xpi.js dist/firefox_unsigned.xpi ../../../reproducible-source.zip"
Copy link
Member Author

@torokati44 torokati44 Apr 3, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should I also rename this script too, to submit_xpi or submit_to_amo or something like that? 🤔

Dinnerbone
Dinnerbone approved these changes Apr 4, 2024
View reviewed changes
Copy link
Contributor

@Dinnerbone Dinnerbone left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's see what happens? :D

@torokati44 @Dinnerbone
web: Rewrite AMO submission script to use their v5 API directly
8f82c36 
Dropping the deprecated sign-addon package.
@Dinnerbone Dinnerbone enabled auto-merge (rebase) April 4, 2024 19:42
@Dinnerbone Dinnerbone merged commit bc88577 into ruffle-rs:master Apr 4, 2024
15 checks passed
@Lord-McSweeney Lord-McSweeney removed the waiting-on-review Waiting on review from a Ruffle team member label Apr 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Dinnerbone Dinnerbone Dinnerbone approved these changes

@kmeisthax kmeisthax kmeisthax approved these changes

Assignees
No one assigned
Labels
extension Related to the Ruffle WebExtension firefox
Projects
Merged PRs since last progress update
Status: No status
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@torokati44 @kmeisthax @Dinnerbone @Lord-McSweeney